After tracing back I found where the culprits had been getting through. After a major redux of the server's operating system and then adding a bunch more security features (Firewalls, alarms, check this and check that) we are back up and running. We were attack from multi sides;
2 domains were compromised and were allowing outgoing spam. Solved by axing one domain and increasing security on the other.
We were also hit with several new linux virii and have pretty good suspect info on those where they came from.
All is good and the server is VERY healthy again. (New hard drive and operating software.
I apollogize for the down time.